Hi. So I need to store some data in the browser storage (browser.storage.local). Can other extensions get to this storage or is it safe to store some sensitive data in there? At least temporarily.
Or maybe there is some better way to store sensitive data for WebExtensions?
If you want to guard it from other extensions, then yes, any storage mechanism in WebExtensions is safe (browser.storage and the web storage APIs).
There is currently no dedicated API to store things like OAuth secrets or passwords.
If you want to guard it from arbitrary access, then there is no absolutely safe way to store data in WebExtensions. Storage is written to the file system and could be read by a third party. Encryption is hard to do, since your source is readable too.
@ecc You could encrypt without storing the password, the drawback is if the user lose the password he lose every data stored. This is what happens with password managers for example. Security comes at a price.